Glacier XX4
(Backdoor.Win32.G_Door.d for Client)
(Backdoor.Win32.G_Door.20 for Server)

by Y2KZERO

aka GARU vs PUCCA

Compressed with ASPack

Released in December 2002

Made in China



Client:
port: 7718 TCP



Servers:
c:\WINDOWS\SYSTEM\rnudll32.exe 
c:\WINDOWS\SYSTEM\sysdll32.exe 

size: 207.360 bytes 

port: 7626 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "(Default)" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "(Default)" 
HKEY_CLASSES_ROOT\txtfile\shell\open\command "(Default)" 

added:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial" 
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodial" 
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings "EnableAutodisconnect" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodisconnect" 


MegaSecurity